<?php

class PermissionController extends BaseController
{

	/**
	 * 权限管理
	 */
	public function actionAdmin()
	{
		$actions = MemGroup::model()->_getControllers(array('manage'=>''));
		$this->render('admin',array(
			'controllers'=>$actions,
		));
	}
	
	/**
	 * 操作列表
	 */
	public function actionScan() {
		if (Yii::app()->request->getParam('module') != '') {
			$controller = Yii::app()->request->getParam('module') .'-'
						. Yii::app()->request->getParam('controller');
		} else {
			$controller = Yii::app()->request->getParam('controller');
		}
		$controllerInfo = MemGroup::model()->_getControllerInfo($controller);
		$this->renderPartial("actionslist",
				array("actions" => $controllerInfo[0],
						"controller" => $controller,
						"delete" => $controllerInfo[2],
						"task" => $controllerInfo[3],
						"taskViewingExists" => $controllerInfo[4],
						"taskAdministratingExists" => $controllerInfo[5],
						"allowed" => $controllerInfo[1]),
				false, true);
	}

	
	/**
	 * 分配权限集
	 **/
	public function actionCreatePrivilege(){
		//操作后跳转的URL
		$controller=$_POST['controller'];
		$controller = explode('-',$controller);
		$url = "/manage/Permission/scan/module/$controller[0]/controller/$controller[1]";
		//操作备注名
		$actionName = isset($_POST['actionName'])?$_POST['actionName']:'';
		
		//增加操作
		foreach($actionName as $key=>$val){
			if(!empty($val)){
				$memgroup = new AdmGroup();
				$criteria=new CDbCriteria;
				$criteria->compare('name',$key);
				$privilege = $memgroup->find($criteria);
				if(empty($privilege)){
					$model = new AdmGroup();
					$model->zag_title = $val;
					$model->name = $key;
					$model->type = '3';
					$model->save();
				}elseif($privilege->zag_title!=$val){
					$privilege->zag_title = $val;
					$privilege->save();
				}
			}
		}
		//选中操作
		$actions=array();
		if(isset($_POST['action'])){
			$actions = $_POST['action'];
		}else{
			jsRedirect($url,'2','操作错误，请选中操作！','controllerActions');
			exit;
		}
		$type = (int)trim($_POST['createTasks']);
		switch($type){
			case 1:
				$model = new AdmGroup();
				//创建权限集
				if(empty($_POST['tasks']['user'])){
					jsRedirect($url,'2','操作错误，权限集名称不能为空','controllerActions');
					exit;
				}else{
					$model->name = $_POST['tasks']['admin'];
				}
				$model->zag_title = $_POST['tasks']['user'];
				$model->type = '2';
				$model->save();
				//创建权限权集与操作的关联
				foreach($actions as $key=>$val){
					//检测选中的操作是否已加入操作表
					$criteria=new CDbCriteria;
					$criteria->compare('name',$key);
					if(!AdmGroup::model()->exists($criteria)){
						jsRedirect($url,'2','操作错误，选中项操作名不能为空','controllerActions');
						exit;
					}
					//创建关联
					$memPrivilege = new AdmPrivilege();
					$memPrivilege->parent =  $model->name;
					$memPrivilege->child =  $key;
					$memPrivilege->save();
				}
				break;
			case 2:
				//添加到已有权限
				$tasks = $_POST['tasks']['old'];
				foreach($tasks as $val){
					foreach($actions as $key1=>$val1){
						//检测选中的操作是否已加入操作表
						$criteria=new CDbCriteria;
						$criteria->compare('name',$key);
						if(!AdmGroup::model()->exists($criteria)){
							jsRedirect($url,'2','操作错误，选中项操作名不能为空','controllerActions');
							exit;
						}
						//检测重复，如已有关联，则不用添加
						$criteria=new CDbCriteria;
						$criteria->compare('parent',$val);
						$criteria->compare('child',$key1);
						if(!AdmPrivilege::model()->exists($criteria)){
							$memPrivilege = new AdmPrivilege();
							$memPrivilege->parent =  $val;
							$memPrivilege->child =  $key1;
							$memPrivilege->save();
						}
					}
				}
				break;
			case 3:
				//设为总是允许
				foreach($actions as $key=>$val){
					//删除操作分配记录
					$criteria=new CDbCriteria;
					$criteria->compare('child',$key);
					MemPrivilege::model()->deleteAll($criteria);
					$actionlist[] = $key;
				}
				//增加到总是允许列表
				AdmGroup::model()->updataAwayAllow($actionlist,1);
				break;
			default:
				break;
		}
		//$this->redirect($url);
		jsRedirect($url,'2','操作成功！','controllerActions');
	}
	
	/*
	 * 删除操作权限关连
	* */
	public function actionDeleteAllow(){
		//操作后跳转的URL
		if(isset($_GET['controller'])){
			$controller = explode('-',$_GET['controller']);
			$url = "/manage/Permission/scan/module/$controller[0]/controller/$controller[1]";
		}else{
			$url = "/manage/Permission/taskaction/task/".trim($_GET['tasks']);
		}
		$action = trim($_GET['action']);
		$tasks = trim($_GET['tasks']);
		$criteria=new CDbCriteria;
		$criteria->compare('child',$action);
		$criteria->compare('parent',$tasks);
		if(AdmPrivilege::model()->exists($criteria)){
			AdmPrivilege::model()->deleteAll($criteria);
		}else{
			AdmGroup::model()->updataAwayAllow(array($action),2);
		}
		jsRedirect($url,'1','操作成功！','controllerActions');
	}

	/*
	 * 权限集管理
	* */
	public function actionTaskAdmin(){
		$task = AdmGroup::model()->getPrivilege();
		$this->render('taskadmin',array(
				'task'=>$task,
		));
	}
	
	/*
	 *查看权限集操作
	* */
	public function actionTaskAction(){
		$task = trim($_GET['task']);
		$criteria=new CDbCriteria;
		$criteria->compare('name',$task);
		$taskAction = AdmGroup::model()->find($criteria);
		$this->renderPartial('taskactions',array(
				'taskAction'=>$taskAction,
				'task'=>$task,
				),
				false, true);
	}
	
	/*
	 * 删除权限集
	* */
	public function actionDeleteTask(){
		$task = trim($_GET['task']);
		//删除操作分配记录
		$criteria=new CDbCriteria;
		$criteria->compare('parent',$task);
		AdmPrivilege::model()->deleteAll($criteria);
		//删除权限集记录
		$criteria=new CDbCriteria;
		$criteria->compare('name',$task);
		AdmGroup::model()->deleteAll($criteria);
		$this->redirect($this->pre_module_url.'/permission/taskAdmin');
	}
	
	/*
	 * 修改权限集
	* */
	public function actionUpdateTask(){
		$task = trim($_POST['task']);
		$url = $this->pre_module_url.'/memgroup/taskaction/task/'.$task;
		//更新权限集记录
		$criteria=new CDbCriteria;
		$criteria->compare('name',$task);
		$memgroup = MemGroup::model()->find($criteria);
		$memgroup->description = $_POST['tasks']['description'];
		$memgroup->zmg_title = $_POST['tasks']['zmg_title'];
		$memgroup->save();
		//更新操作备注名
		$actionName = isset($_POST['actionName'])?$_POST['actionName']:'';
		foreach($actionName as $key=>$val){
			if(!empty($val)){
				$memgroup = new MemGroup();
				$criteria=new CDbCriteria;
				$criteria->compare('name',$key);
				$privilege = $memgroup->find($criteria);
				$privilege->zmg_title = $val;
				$privilege->save();
			}
		}
		jsRedirect($url,'3','操作成功！','controllerActions');
	}
	
	/*
	 * 管理总是允许列表
	* */
	public function actionAlwaysAllow(){
		if(isset($_POST['del'])){
			$actions = $_POST['action'];
			MemGroup::model()->updataAwayAllow($actions,2);
		}
		$allows = MemGroup::model()->getAllowedAccess();
		$this->render('alwaysallow',array(
				'allows'=>$allows,
		));
	}
}